Skip to main content

Linux Kernel EUVDEUVD-2025-209747

| CVE-2025-71298 MEDIUM
2026-05-08 Linux GHSA-j7c4-w5pq-7cg7
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 14, 2026 - 21:30 vuln.today
CVSS changed
May 14, 2026 - 19:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:02 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around madvise

Acquire and release the GEM object's reservation lock around calls to the object's madvide operation. The tests use drm_gem_shmem_madvise_locked(), which led to errors such as show below.

[ 58.339389] WARNING: CPU: 1 PID: 1352 at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140

Only export the new helper drm_gem_shmem_madvise() for Kunit tests. This is not an interface for regular drivers.

AnalysisAI

Denial of service via missing reservation lock in drm/tests shmem allows local authenticated users to trigger a kernel warning and crash the DRM graphics subsystem. The vulnerability exists in DRM test code that calls drm_gem_shmem_madvise_locked() without properly acquiring the GEM object's reservation lock, causing CPU warnings and potential system instability on affected kernel versions.

Technical ContextAI

The vulnerability resides in the Direct Rendering Manager (DRM) subsystem's shared memory (shmem) helper functions, specifically within test code (drm/tests/drm_gem_shmem_test.c). The DRM graphics subsystem uses reservation locks to synchronize access to GEM (Graphics Execution Manager) objects in memory. The madvise operation, when called on shmem objects via drm_gem_shmem_madvise_locked(), requires that the reservation lock be held to prevent concurrent access violations. The test code was invoking this locked variant without acquiring the lock first, leading to kernel warnings logged at drivers/gpu/drm/drm_gem_shmem_helper.c:499. CWE classification not provided, but this is fundamentally a synchronization/locking issue (conceptually similar to CWE-667: Improper Locking). The fix exports a new helper function drm_gem_shmem_madvise() that wraps the locked operation with proper lock acquisition and release for test use only.

RemediationAI

Apply vendor-released patches from stable kernel branches: upgrade to kernel version 6.18.16, 6.19.6, 7.0, or later. For systems requiring immediate remediation before kernel upgrade, disable DRM test modules if they are loaded (rmmod drm_gem_shmem_test if available) or disable DRM test compilation entirely by setting CONFIG_DRM_GEM_SHMEM_HELPER=n or excluding test modules from kernel build. The practical mitigation for production systems is simple: do not compile or load DRM test code in production kernels-this is standard practice. Reference the fix commits at git.kernel.org/stable/c/9cc77691b5fd615625955cedf726da57543088f1, git.kernel.org/stable/c/07cfcab370da06f26c273306571cbb0bfa3b9c52, and git.kernel.org/stable/c/607d07d8cc0b835a8701259f08a03dc149b79b4f for implementation details.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2025-209747 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy